From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: sean.j.christopherson@intel.com, linux-kernel@vger.kernel.org,
kvm@vger.kernel.org
Subject: Re: [PATCH] KVM: nVMX: remove side effects from nested_vmx_exit_reflected
Date: Wed, 18 Mar 2020 11:52:47 +0100 [thread overview]
Message-ID: <87tv2m2av4.fsf@vitty.brq.redhat.com> (raw)
In-Reply-To: <1584468059-3585-1-git-send-email-pbonzini@redhat.com>
Paolo Bonzini <pbonzini@redhat.com> writes:
> The name of nested_vmx_exit_reflected suggests that it's purely
> a test, but it actually marks VMCS12 pages as dirty. Move this to
> vmx_handle_exit, observing that the initial nested_run_pending check in
> nested_vmx_exit_reflected is pointless---nested_run_pending has just
> been cleared in vmx_vcpu_run and won't be set until handle_vmlaunch
> or handle_vmresume.
>
> Suggested-by: Vitaly Kuznetsov <vkuznets@redhat.com>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> arch/x86/kvm/vmx/nested.c | 18 ++----------------
> arch/x86/kvm/vmx/nested.h | 1 +
> arch/x86/kvm/vmx/vmx.c | 19 +++++++++++++++++--
> 3 files changed, 20 insertions(+), 18 deletions(-)
>
> diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c
> index 8578513907d7..4ff859c99946 100644
> --- a/arch/x86/kvm/vmx/nested.c
> +++ b/arch/x86/kvm/vmx/nested.c
> @@ -3527,7 +3527,7 @@ static void vmcs12_save_pending_event(struct kvm_vcpu *vcpu,
> }
>
>
> -static void nested_mark_vmcs12_pages_dirty(struct kvm_vcpu *vcpu)
> +void nested_mark_vmcs12_pages_dirty(struct kvm_vcpu *vcpu)
> {
> struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
> gfn_t gfn;
> @@ -5543,8 +5543,7 @@ bool nested_vmx_exit_reflected(struct kvm_vcpu *vcpu, u32 exit_reason)
> struct vcpu_vmx *vmx = to_vmx(vcpu);
> struct vmcs12 *vmcs12 = get_vmcs12(vcpu);
>
> - if (vmx->nested.nested_run_pending)
> - return false;
> + WARN_ON_ONCE(vmx->nested.nested_run_pending);
>
> if (unlikely(vmx->fail)) {
> trace_kvm_nested_vmenter_failed(
> @@ -5553,19 +5552,6 @@ bool nested_vmx_exit_reflected(struct kvm_vcpu *vcpu, u32 exit_reason)
> return true;
> }
>
> - /*
> - * The host physical addresses of some pages of guest memory
> - * are loaded into the vmcs02 (e.g. vmcs12's Virtual APIC
> - * Page). The CPU may write to these pages via their host
> - * physical address while L2 is running, bypassing any
> - * address-translation-based dirty tracking (e.g. EPT write
> - * protection).
> - *
> - * Mark them dirty on every exit from L2 to prevent them from
> - * getting out of sync with dirty tracking.
> - */
> - nested_mark_vmcs12_pages_dirty(vcpu);
> -
> trace_kvm_nested_vmexit(kvm_rip_read(vcpu), exit_reason,
> vmcs_readl(EXIT_QUALIFICATION),
> vmx->idt_vectoring_info,
> diff --git a/arch/x86/kvm/vmx/nested.h b/arch/x86/kvm/vmx/nested.h
> index 21d36652f213..f70968b76d33 100644
> --- a/arch/x86/kvm/vmx/nested.h
> +++ b/arch/x86/kvm/vmx/nested.h
> @@ -33,6 +33,7 @@ void nested_vmx_vmexit(struct kvm_vcpu *vcpu, u32 exit_reason,
> int get_vmx_mem_address(struct kvm_vcpu *vcpu, unsigned long exit_qualification,
> u32 vmx_instruction_info, bool wr, int len, gva_t *ret);
> void nested_vmx_pmu_entry_exit_ctls_update(struct kvm_vcpu *vcpu);
> +void nested_mark_vmcs12_pages_dirty(struct kvm_vcpu *vcpu);
> bool nested_vmx_check_io_bitmaps(struct kvm_vcpu *vcpu, unsigned int port,
> int size);
>
> diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c
> index b447d66f44e6..07299a957d4a 100644
> --- a/arch/x86/kvm/vmx/vmx.c
> +++ b/arch/x86/kvm/vmx/vmx.c
> @@ -5851,8 +5851,23 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu,
> if (vmx->emulation_required)
> return handle_invalid_guest_state(vcpu);
>
> - if (is_guest_mode(vcpu) && nested_vmx_exit_reflected(vcpu, exit_reason))
> - return nested_vmx_reflect_vmexit(vcpu, exit_reason);
> + if (is_guest_mode(vcpu)) {
> + /*
> + * The host physical addresses of some pages of guest memory
> + * are loaded into the vmcs02 (e.g. vmcs12's Virtual APIC
> + * Page). The CPU may write to these pages via their host
> + * physical address while L2 is running, bypassing any
> + * address-translation-based dirty tracking (e.g. EPT write
> + * protection).
> + *
> + * Mark them dirty on every exit from L2 to prevent them from
> + * getting out of sync with dirty tracking.
> + */
> + nested_mark_vmcs12_pages_dirty(vcpu);
> +
> + if (nested_vmx_exit_reflected(vcpu, exit_reason))
> + return nested_vmx_reflect_vmexit(vcpu, exit_reason);
> + }
>
> if (exit_reason & VMX_EXIT_REASONS_FAILED_VMENTRY) {
> dump_vmcs();
The only functional difference seems to be that we're now doing
nested_mark_vmcs12_pages_dirty() in vmx->fail case too and this seems
superfluous: we failed to enter L2 so 'special' pages should remain
intact (right?) but this should be an uncommon case.
Reviewed-by: Vitaly Kuznetsov <vkuznets@redhat.com>
--
Vitaly
next prev parent reply other threads:[~2020-03-18 10:52 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-17 18:00 [PATCH] KVM: nVMX: remove side effects from nested_vmx_exit_reflected Paolo Bonzini
2020-03-18 10:52 ` Vitaly Kuznetsov [this message]
2020-03-18 10:59 ` Paolo Bonzini
2020-03-18 15:12 ` Sean Christopherson
2020-03-19 20:11 ` Krish Sadhukhan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87tv2m2av4.fsf@vitty.brq.redhat.com \
--to=vkuznets@redhat.com \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pbonzini@redhat.com \
--cc=sean.j.christopherson@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.